From owner-freebsd-java  Tue Apr  6 13:34:42 1999
Delivered-To: freebsd-java@freebsd.org
Received: from assurance.rstcorp.com (assurance.rstcorp.com [206.29.49.3])
	by hub.freebsd.org (Postfix) with ESMTP id 5367414D6A
	for <FreeBSD-java@freebsd.org>; Tue,  6 Apr 1999 13:34:35 -0700 (PDT)
	(envelope-from vshah@rstcorp.com)
Received: (from uucp@localhost)
	by assurance.rstcorp.com (8.8.8/8.8.8) id QAA03014;
	Tue, 6 Apr 1999 16:33:43 -0400
Received: from sandbox.rstcorp.com(206.29.49.63) by assurance.rstcorp.com via smap (V2.0)
	id xma003008; Tue, 6 Apr 99 20:33:28 GMT
Received: from jabberwock.rstcorp.com (jabberwock [206.29.49.98])
	by sandbox.rstcorp.com (8.8.8/8.8.8) with ESMTP id QAA11822;
	Tue, 6 Apr 1999 16:32:20 -0400 (EDT)
Received: (from vshah@localhost)
	by jabberwock.rstcorp.com (8.9.3/8.8.8) id QAA24235;
	Tue, 6 Apr 1999 16:32:21 -0400 (EDT)
Date: Tue, 6 Apr 1999 16:32:21 -0400 (EDT)
Message-Id: <199904062032.QAA24235@jabberwock.rstcorp.com>
From: "Viren R. Shah" <viren@rstcorp.com>
To: Jeff Dalton <jeff@aiai.ed.ac.uk>
Cc: FreeBSD-java@freebsd.org
Subject: Re: Fwd: New Hole in Java 2 (fwd)
In-Reply-To: <22035.199904061724@todday>
References: <22035.199904061724@todday>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: "Viren R. Shah" <viren@rstcorp.com>
X-Face: )~y+U*K:yzjz{q<5lzpI_SVef'U.])9g[C9`1N@]u3,MHY7f*l7C)[_NjM4y4K8$uIUh|\u
 (K&&HS6,M!61&GMTk'mqmB/Qg]]X}"?TzsFl]"2v!bl8']dma.:^IY^a[lbOI>U:b<~FyK3q-p{HmZ
 mn~g.`~BE!5{2D:}Yi+\_KkWe?XaHj9$ko1k8iKLYv5*_2c8"G=?Up[}hn+7RNM(bzBZ_wWk6!Pf&B
 ?3Tcm7M7B~W%K/I0aX3]*=jP?aM]H6HBPT`oLk+0n^_;N\2\%|Rhy;p}34Q.jEsM\qtnxcm;ag%Nq
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-java@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Jeff" == Jeff Dalton <jeff@aiai.ed.ac.uk> writes:

 Jeff> Is it really the case that the attacker can seize control of a Unix
 Jeff> machine (such as a PC running FreeBSD) and "do whatever he wants",
 Jeff> which seems to imply that he can become root?  Or can he only do
 Jeff> whatever he wants provided it's something "nobody" is able to do?

It is basically a simple (though laughable) flaw in the bytecode
verifier (that should be pretty easy to fix), and will allow the
attacker to obtain the priviledges of the uid that the VM process is
running  as -- so unless you are browsing as root (at which
point you deserve what you get), the attacker will not get root
through this particular VM flaw. [Once he has access to your account,
there are other ways to get root]


 Jeff> -- jeff

Viren
-- 
Viren R. Shah                  | viren@rstcorp.com
Research Associate             | viren@viren.org
Reliable Software Technologies | http://www.rstcorp.com/~vshah




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message